2019-09-14 22:28:16 +00:00
const core = require ( '@actions/core' ) ;
const child _process = require ( 'child_process' ) ;
const fs = require ( 'fs' ) ;
2021-02-19 13:37:34 +00:00
const crypto = require ( 'crypto' ) ;
2023-01-27 17:09:18 +00:00
const { homePath , sshAgentCmdDefault , sshAddCmdDefault , gitCmdDefault } = require ( './paths.js' ) ;
2019-09-14 22:28:16 +00:00
try {
2020-02-06 18:09:44 +00:00
const privateKey = core . getInput ( 'ssh-private-key' ) ;
2022-10-19 10:41:11 +00:00
const logPublicKey = core . getBooleanInput ( 'log-public-key' , { default : true } ) ;
2020-01-14 09:29:16 +00:00
2023-01-27 17:09:18 +00:00
const sshAgentCmdInput = core . getInput ( 'ssh-agent-cmd' ) ;
const sshAddCmdInput = core . getInput ( 'ssh-add-cmd' ) ;
const gitCmdInput = core . getInput ( 'git-cmd' ) ;
const sshAgentCmd = sshAgentCmdInput ? sshAgentCmdInput : sshAgentCmdDefault ;
const sshAddCmd = sshAddCmdInput ? sshAddCmdInput : sshAddCmdDefault ;
const gitCmd = gitCmdInput ? gitCmdInput : gitCmdDefault ;
2020-01-14 09:29:16 +00:00
if ( ! privateKey ) {
core . setFailed ( "The ssh-private-key argument is empty. Maybe the secret has not been configured, or you are using a wrong secret name in your workflow file." ) ;
return ;
}
2022-10-19 11:27:50 +00:00
const homeSsh = homePath + '/.ssh' ;
2021-02-13 20:02:34 +00:00
2019-09-15 07:32:43 +00:00
console . log ( ` Adding GitHub.com keys to ${ homeSsh } /known_hosts ` ) ;
2021-03-10 07:19:17 +00:00
2020-03-03 00:41:12 +00:00
fs . mkdirSync ( homeSsh , { recursive : true } ) ;
2021-11-20 11:21:38 +00:00
fs . appendFileSync ( ` ${ homeSsh } /known_hosts ` , '\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\n' ) ;
fs . appendFileSync ( ` ${ homeSsh } /known_hosts ` , '\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\n' ) ;
2019-09-15 07:32:43 +00:00
fs . appendFileSync ( ` ${ homeSsh } /known_hosts ` , '\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\n' ) ;
2019-09-14 22:28:16 +00:00
console . log ( "Starting ssh-agent" ) ;
2021-03-10 07:19:17 +00:00
2019-09-14 22:28:16 +00:00
const authSock = core . getInput ( 'ssh-auth-sock' ) ;
2021-03-10 07:19:17 +00:00
const sshAgentArgs = ( authSock && authSock . length > 0 ) ? [ '-a' , authSock ] : [ ] ;
2020-05-18 07:08:29 +00:00
// Extract auth socket path and agent pid and set them as job variables
2022-10-19 11:27:50 +00:00
child _process . execFileSync ( sshAgentCmd , sshAgentArgs ) . toString ( ) . split ( "\n" ) . forEach ( function ( line ) {
2021-03-10 07:19:17 +00:00
const matches = /^(SSH_AUTH_SOCK|SSH_AGENT_PID)=(.*); export \1/ . exec ( line ) ;
2020-05-18 07:08:29 +00:00
if ( matches && matches . length > 0 ) {
2021-03-10 07:19:17 +00:00
// This will also set process.env accordingly, so changes take effect for this script
2020-05-18 07:08:29 +00:00
core . exportVariable ( matches [ 1 ] , matches [ 2 ] )
2021-03-10 07:19:17 +00:00
console . log ( ` ${ matches [ 1 ] } = ${ matches [ 2 ] } ` ) ;
2020-05-18 07:08:29 +00:00
}
2021-03-10 07:19:17 +00:00
} ) ;
console . log ( "Adding private key(s) to agent" ) ;
2019-09-14 22:28:16 +00:00
2020-01-14 09:29:16 +00:00
privateKey . split ( /(?=-----BEGIN)/ ) . forEach ( function ( key ) {
2022-10-19 11:27:50 +00:00
child _process . execFileSync ( sshAddCmd , [ '-' ] , { input : key . trim ( ) + "\n" } ) ;
2020-01-14 09:21:11 +00:00
} ) ;
2020-01-14 09:29:16 +00:00
2021-03-10 07:19:17 +00:00
console . log ( "Key(s) added:" ) ;
2022-10-19 11:27:50 +00:00
child _process . execFileSync ( sshAddCmd , [ '-l' ] , { stdio : 'inherit' } ) ;
2021-03-10 07:19:17 +00:00
console . log ( 'Configuring deployment key(s)' ) ;
2020-01-14 09:29:16 +00:00
2022-10-19 12:54:52 +00:00
child _process . execFileSync ( sshAddCmd , [ '-L' ] ) . toString ( ) . trim ( ) . split ( /\r?\n/ ) . forEach ( function ( key ) {
2023-02-15 20:47:25 +00:00
const parts = key . match ( /\b([\w.]+)[:/]([_.a-z0-9-]+\/[_.a-z0-9-]+)$/i ) ;
2021-02-19 13:37:34 +00:00
2021-03-10 07:19:17 +00:00
if ( ! parts ) {
2022-10-19 10:41:11 +00:00
if ( logPublicKey ) {
console . log ( ` Comment for (public) key ' ${ key } ' does not match GitHub URL pattern. Not treating it as a GitHub deploy key. ` ) ;
}
2021-02-19 13:37:34 +00:00
return ;
}
2021-03-10 07:19:17 +00:00
const sha256 = crypto . createHash ( 'sha256' ) . update ( key ) . digest ( 'hex' ) ;
2023-02-15 20:47:25 +00:00
const githubHost = parts [ 1 ] ;
const ownerAndRepo = parts [ 2 ] . replace ( /\.git$/ , '' ) ;
2021-02-19 13:37:34 +00:00
2021-03-10 07:19:17 +00:00
fs . writeFileSync ( ` ${ homeSsh } /key- ${ sha256 } ` , key + "\n" , { mode : '600' } ) ;
2021-02-19 13:37:34 +00:00
2023-02-15 20:47:25 +00:00
child _process . execSync ( ` ${ gitCmd } config --global --replace-all url."git@key- ${ sha256 } . ${ githubHost } : ${ ownerAndRepo } ".insteadOf "https:// ${ githubHost } / ${ ownerAndRepo } " ` ) ;
child _process . execSync ( ` ${ gitCmd } config --global --add url."git@key- ${ sha256 } . ${ githubHost } : ${ ownerAndRepo } ".insteadOf "git@ ${ githubHost } : ${ ownerAndRepo } " ` ) ;
child _process . execSync ( ` ${ gitCmd } config --global --add url."git@key- ${ sha256 } . ${ githubHost } : ${ ownerAndRepo } ".insteadOf "ssh://git@ ${ githubHost } / ${ ownerAndRepo } " ` ) ;
2021-02-19 13:37:34 +00:00
2023-02-15 20:47:25 +00:00
const sshConfig = ` \n Host key- ${ sha256 } . ${ githubHost } \n `
+ ` HostName ${ githubHost } \n `
2021-03-10 07:19:17 +00:00
+ ` IdentityFile ${ homeSsh } /key- ${ sha256 } \n `
2021-02-19 13:37:34 +00:00
+ ` IdentitiesOnly yes \n ` ;
fs . appendFileSync ( ` ${ homeSsh } /config ` , sshConfig ) ;
2021-03-10 07:19:17 +00:00
console . log ( ` Added deploy-key mapping: Use identity ' ${ homeSsh } /key- ${ sha256 } ' for GitHub repository ${ ownerAndRepo } ` ) ;
2021-02-19 13:37:34 +00:00
} ) ;
2019-09-14 22:28:16 +00:00
} catch ( error ) {
2021-03-05 20:17:14 +00:00
if ( error . code == 'ENOENT' ) {
console . log ( ` The ' ${ error . path } ' executable could not be found. Please make sure it is on your PATH and/or the necessary packages are installed. ` ) ;
console . log ( ` PATH is set to: ${ process . env . PATH } ` ) ;
}
2019-09-14 22:28:16 +00:00
core . setFailed ( error . message ) ;
}